    Struggling to get IPSec/L2TP to work

      malcmail last edited by

      I've followed the walkthrough at https://doc.pfsense.org/index.php/L2TP/IPsec a couple of times now but cannot get my VPN to work from my Android phone. I'm using the latest build 2.3.3_1 so the instructions don't 100% match but it appears I've done something wrong somewhere - repeatedly. Is there a problem with it or is it just me?

        malcmail last edited by

        The IPSec log if it means anything to anyone - doesn't to me sadly.

        Apr 7 09:31:48 charon 11[IKE] <20> received FRAGMENTATION vendor ID
        Apr 7 09:31:48 charon 11[IKE] <20> received DPD vendor ID
        Apr 7 09:31:48 charon 11[IKE] <20> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:48 charon 11[CFG] <20> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:48 charon 11[CFG] <20> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:48 charon 11[IKE] <20> no proposal found
        Apr 7 09:31:48 charon 11[ENC] <20> generating INFORMATIONAL_V1 request 4286656525 [ N(NO_PROP) ]
        Apr 7 09:31:48 charon 11[NET] <20> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:51 charon 11[NET] <21> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:51 charon 11[ENC] <21> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:51 charon 11[IKE] <21> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received FRAGMENTATION vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> received DPD vendor ID
        Apr 7 09:31:51 charon 11[IKE] <21> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:51 charon 11[CFG] <21> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:51 charon 11[CFG] <21> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:51 charon 11[IKE] <21> no proposal found
        Apr 7 09:31:51 charon 11[ENC] <21> generating INFORMATIONAL_V1 request 319277664 [ N(NO_PROP) ]
        Apr 7 09:31:51 charon 11[NET] <21> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:55 charon 11[NET] <22> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:55 charon 11[ENC] <22> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:55 charon 11[IKE] <22> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received FRAGMENTATION vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> received DPD vendor ID
        Apr 7 09:31:55 charon 11[IKE] <22> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:55 charon 11[CFG] <22> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:55 charon 11[CFG] <22> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:55 charon 11[IKE] <22> no proposal found
        Apr 7 09:31:55 charon 11[ENC] <22> generating INFORMATIONAL_V1 request 914008803 [ N(NO_PROP) ]
        Apr 7 09:31:55 charon 11[NET] <22> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)
        Apr 7 09:31:58 charon 11[NET] <23> received packet: from 192.168.1.33[500] to 86.178.124.128[500] (724 bytes)
        Apr 7 09:31:58 charon 11[ENC] <23> parsed ID_PROT request 0 [ SA V V V V V V ]
        Apr 7 09:31:58 charon 11[IKE] <23> received NAT-T (RFC 3947) vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received FRAGMENTATION vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> received DPD vendor ID
        Apr 7 09:31:58 charon 11[IKE] <23> 192.168.1.33 is initiating a Main Mode IKE_SA
        Apr 7 09:31:58 charon 11[CFG] <23> received proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
        Apr 7 09:31:58 charon 11[CFG] <23> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        Apr 7 09:31:58 charon 11[IKE] <23> no proposal found
        Apr 7 09:31:58 charon 11[ENC] <23> generating INFORMATIONAL_V1 request 3324214621 [ N(NO_PROP) ]
        Apr 7 09:31:58 charon 11[NET] <23> sending packet: from 86.178.124.128[500] to 192.168.1.33[500] (56 bytes)

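Added example (not part of the original posts): a small Python parser for the `received proposals` / `configured proposals` lines that charon logs before `no proposal found`. For each connection id it reports the offered proposal closest to the configured one and the fields that differ. The sample input is constructed by abridging lines from the log above, and the function and field names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the charon log posted above
# (the received list is shortened to three of the sixteen proposals).
SAMPLE_LOG = """\
Apr 7 09:31:48 charon 11[CFG] <20> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 7 09:31:48 charon 11[CFG] <20> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Apr 7 09:31:48 charon 11[IKE] <20> no proposal found
"""

# Field names are this example's own labels for the four slash-separated parts.
FIELDS = ("encryption", "integrity", "prf", "dh_group")
LINE_RE = re.compile(r"<(\d+)> (received|configured) proposals: (.+)$")

def parse_proposals(text):
    """Split 'IKE:ENC/INTEG/PRF/DH, ...' into dicts; other shapes are skipped."""
    out = []
    for item in text.split(","):
        parts = item.strip().split(":", 1)[-1].split("/")
        if len(parts) == len(FIELDS):
            out.append(dict(zip(FIELDS, parts)))
    return out

def diagnose(log):
    """Per connection id: fields where the closest offer differs from config."""
    seen = {}
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen.setdefault(m.group(1), {})[m.group(2)] = parse_proposals(m.group(3))
    report = {}
    for conn, sides in seen.items():
        offered, configured = sides.get("received", []), sides.get("configured", [])
        if not offered or not configured:
            continue  # need both sides of the negotiation to compare
        best = None
        for cfg in configured:
            for off in offered:
                # Map field -> (offered value, configured value) where they differ.
                diff = {f: (off[f], cfg[f]) for f in FIELDS if off[f] != cfg[f]}
                if best is None or len(diff) < len(best):
                    best = diff
        report[conn] = best  # an empty dict means some proposal matched exactly
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the posted log this isolates the Diffie-Hellman group as the only mismatch: every proposal from the client carries MODP_1024, while the gateway is configured for MODP_2048.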